MIT published both alerts Tuesday, and publishers of three major Linux distributions -- Red Hat, Turbolinux and Gentoo -- had fixes up by the time Evans wrote the story.

My problem is there are many other Linux vendors out there, and many people running Linux don't have a tight a relationship with their supplier that would enable quick bug fixes.

Oh, and while Microsoft uses Kerberos, Evans notes it's a homegrown version unaffected by the flaws.

What this tells me is that a comparison of open source security and that of proprietary security should not be based entirely on the software, but on the distributors' patch creation speed, and the users' patch implementation speed.